[tor-dev] Raising AuthDirMaxServersPerAddr to 4?

Roger Dingledine arma at torproject.org
Sat Jun 1 19:22:19 UTC 2019

Hi folks,

I've been talking to a longtime exit relay operator, who is in the
odd position of having a good 1gbit network connection, but only one
IP address.

He used to push an average of 500mbit on his exit relay, but then the
HSDir DoS flatlined his relay for a while (!), and now, perhaps due to
the bwauth variability, his exit relay only recovered to maybe 200mbit.
He is running a second exit relay on that IP address, but also perhaps
due to the bwauth variability, it hasn't attracted much attention either.

The real answer is to fix the bandwidth measurement infrastructure. But
while we're patiently waiting for progress there, I've been thinking
to raise moria1's AuthDirMaxServersPerAddr to 4, i.e. to allow 4 relays
per IP address onto the network.

I don't think it would significantly increase our risk due to Sybil
attacks, whereas there is a clear benefit in terms of some more 100's
of mbits of good exit relay capacity.

I will propose this change to the dir-auth list in a bit, but here is
your chance to point out surprising impacts that I haven't thought of.


More information about the tor-dev mailing list